Skip to content

Permissions are designed in from the ground up.

Schools hold the most sensitive data about children in the country. SENDCos see things parents share in confidence. Pastoral teams need to know a record exists without seeing what's in it. SENDCo View is built from the ground up for this.

Field-level permissions illustration

Field-level. Not page-level.

Most software handles permissions at the page level: you can see this page or you can't. SENDCo View handles permissions at the field level: within the same pupil profile, two staff members will see different fields depending on their role.

SENDCo's view

Pupil profile, full data

Full data, all fields visible: provision, case notes, safeguarding stub, parent voice, professional involvement.

Form Tutor's view

Pupil profile, role-redacted view

Accommodations visible. Case notes redacted. Safeguarding shows “record exists” only.

“Record exists”, without saying what's in it.

The hardest case in school data is safeguarding. The DSL needs full access. Form tutors need to know a record exists, so they don't blunder into a difficult conversation. Other staff need nothing. SENDCo View handles this with contextual redaction: same field, different visibility, role-based.

Contextual redaction illustration

Every view, edit and export is logged.

Every view, edit, export and parent contribution is logged. The audit trail is exportable in CSV or JSON for inspection, Ofsted preparation, or internal review. We retain audit logs for the lifetime of the contract. On contract end, you receive a complete export before deletion.

Audit log showing field-level access events

For genuine emergencies. Logged with the highest visibility.

For genuine emergencies, an authorised role can request break-glass access to data they wouldn't normally see. The override requires written justification, triggers an automatic notification to the school's named DPO, and is logged with the highest visibility in the audit trail. We've built it because schools have asked for it. We've built it carefully because misuse would be a serious safeguarding failure.

The documents your DPO and procurement need.

The PDFs below are being prepared. Until they're available for download, request copies via hello@myschoolview.co.uk and we'll send them by return.

Common questions about security.

Are you Cyber Essentials certified?
In progress. Certification expected [TBC].
Are you ISO 27001 certified?
Not yet. ISO 27001 is a roadmap item for 2027.
What's your incident response process?
72-hour breach notification per UK GDPR. Detailed runbook available under NDA.
Who has access to the database in production?
Two named individuals, both DBS-checked. Database access is logged and audited monthly.

Want to see this in your school? Apply for a founding place →